package com.example.layui_project.comm.action;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;

import javax.servlet.http.HttpServletRequest;

/**
 * Base controller that serves the login view and offers a Shiro-backed
 * permission check keyed on the servlet path of the current request.
 */
@Controller
public class BaseController {

    // Injected by Spring and read on every checkPermission() call.
    // NOTE(review): presumably a request-scoped proxy, since one controller
    // instance serves many requests; confirm against the Spring configuration.
    @Autowired
    private HttpServletRequest request;

    /**
     * Handles {@code GET /login}.
     *
     * @return the view name {@code login/login}
     */
    @GetMapping("/login")
    public String defaultPage() {
        return "login/login";
    }

    /**
     * Decides whether the current Shiro subject may access the path being requested.
     *
     * <p>A subject holding the role {@code 超级管理员} (super administrator) is allowed
     * without any per-path check, so assignment of that role needs to be tightly
     * controlled. Every other subject must hold a permission whose string matches
     * {@code request.getServletPath()}.
     *
     * <p>This method only reports the decision and does not reject the request itself.
     * Callers have to act on a {@code false} result, otherwise the check has no effect.
     *
     * <p>NOTE(review): the permission string is taken from the request path. If the realm
     * uses Shiro's default wildcard permission parsing, {@code ':'}, {@code ','} and
     * {@code '*'} carry special meaning and comparison is case-insensitive, so a path is
     * not necessarily compared as a plain string. Confirm the configured permission
     * resolver and how the container normalises the servlet path.
     *
     * @return {@code true} when access is granted, {@code false} when Shiro raises an
     *         {@link AuthorizationException}; any other exception propagates to the caller
     */
    public boolean checkPermission() {
        final Subject currentUser = SecurityUtils.getSubject();
        try {
            if (currentUser.hasRole("超级管理员")) {
                // Super administrators bypass the per-path permission check.
                return true;
            }
            // Anyone else needs a permission for the requested servlet path.
            currentUser.checkPermission(request.getServletPath());
            return true;
        } catch (AuthorizationException denied) {
            // The authorization check failed; the caller is expected to answer the
            // front end with a 401 (no permission) error.
            return false;
        }
    }
}
